Resolve DA, A&C, and security spec gaps with ServerCapabilities, alarm methods, and modern profiles

Add ServerCapabilities/OperationLimits node, enable diagnostics, add OnModifyMonitoredItemsComplete
override for DA compliance. Wire shelving, enable/disable, confirm, and addcomment handlers on
alarm conditions with LocalTime/Quality event fields for Part 9 compliance. Add Aes128/Aes256
security profiles, X.509 certificate authentication, and AUDIT-prefixed auth logging. Fix flaky
probe monitor test. Update docs for all changes.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/ZB.MOM.WW.LmxOpcUa.Host/Configuration/SecurityProfileConfiguration.cs

@@ -42,5 +42,11 @@ namespace ZB.MOM.WW.LmxOpcUa.Host.Configuration
         ///     When <see langword="null" />, defaults to <c>CN={ServerName}, O=ZB MOM, DC=localhost</c>.
         /// </summary>
         public string? CertificateSubject { get; set; }
+
+        /// <summary>
+        ///     Gets or sets the lifetime of the auto-generated server certificate in months.
+        ///     Defaults to 60 months (5 years).
+        /// </summary>
+        public int CertificateLifetimeMonths { get; set; } = 60;
     }
 }